Topics - Kailash

#1
PHP 7.4 has reached end of life today, 29th November 2022. That means there will be no official updates available for PHP 7.4. It's time to migrate to PHP 8.1.

https://www.php.net/supported-versions.php

Regards,
Kailash
#2
Web Hosting Offers / READ BEFORE POSTING OFFER
August 08, 2022, 10:28:01 AM
Hi WHD Members,

Before you post in the web hosting offer section, kindly go through this post to avoid account restriction / ban:

  • To post an offer for your hosting company, your profile email address must match the company for which you are posting offers.
  • You can post 1 offer in a week. If you frequently violate this, your account may be banned.
  • You cannot hijack another member's thread to post your own offer.
  • If we identify a false offer, your account can be restricted or banned.
  • If you are looking for the premium account to post 3 times a week, you can contact us for the premium membership.

Regards,
WHD Admin
#3
A critical vulnerability has been patched in the popular WordPress SEO plugin All In One SEO. If you are using this plugin, you should upgrade to the latest version as soon as possible.

Refer to the following blog post for more information about this privilege escalation vulnerability:

https://www.webhostingdiscussion.net/blog/critical-vulnerability-all-in-one-seo-wordpres/

- Kailash
#4
After a recent cPanel update to cPanel v98.0 on a CloudLinux 6 server, clamd fails as follows:


/scripts/restartsrv_clamd --start
Service "clamd" is already stopped.
[...............]
Startup Log
/usr/local/cpanel/3rdparty/bin/clamd: error while loading shared libraries: libpcre2-8.so.0: cannot open shared object file: No such file or directory

clamd has failed. Contact your system administrator if the service does not automagically recover.


This is due to a missing shared library object file (libpcre2-8.so.0) that is required by ClamAV, which you can confirm with:
ldd /usr/local/cpanel/3rdparty/bin/clamd
[...............]
libz.so.1 => /lib64/libz.so.1 (0x00007f64ae2db000)
libpcre2-8.so.0 => not found
libm.so.6 => /lib64/libm.so.6 (0x00007f64ae056000)
[...............]


The libpcre2-8.so.0 shared library file is provided by the pcre2 package. However, that package fails to be installed as a dependency when ClamAV is installed on the server.

Workaround

To get around this issue, you can manually install the missing package and then restart ClamD:

yum install pcre2

/scripts/restartsrv_clamd --start
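
Added example (not part of the original post and not cPanel's own tooling): a small shell helper that pulls the "not found" entries out of ldd output, as in the clamd check above, and prints the yum query that identifies the providing package. The function names and the sample ldd text are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not cPanel's or ClamAV's tooling: report shared libraries that
# the dynamic loader cannot resolve, as in the clamd failure described above.

# Constructed sample modelled on the ldd excerpt in the post.
SAMPLE_LDD='    libz.so.1 => /lib64/libz.so.1 (0x00007f64ae2db000)
    libpcre2-8.so.0 => not found
    libm.so.6 => /lib64/libm.so.6 (0x00007f64ae056000)
    libpcre2-8.so.0 => not found'

# missing_libs: read ldd output on stdin, print each unresolved soname once.
missing_libs() {
    awk '$2 == "=>" && $3 == "not" && $4 == "found" { print $1 }' | sort -u
}

# lookup_hints: turn sonames on stdin into the yum query that names the
# package shipping each one. Nothing is installed; the admin reviews first.
lookup_hints() {
    while IFS= read -r soname; do
        [ -n "$soname" ] && printf "yum provides '*/%s'\n" "$soname"
    done
    return 0
}

# check_binary: run ldd on one binary. Returns 0 if everything resolves,
# 1 if a library is missing, 2 if the path is not an executable file.
# ldd can execute code from the file it inspects, so only point this at
# binaries you already trust (here: the cPanel-shipped clamd).
check_binary() {
    cb_bin=$1
    if [ ! -f "$cb_bin" ] || [ ! -x "$cb_bin" ]; then
        echo "skip: $cb_bin is not an executable file" >&2
        return 2
    fi
    cb_missing=$(ldd "$cb_bin" 2>/dev/null | missing_libs)
    [ -z "$cb_missing" ] && return 0
    echo "$cb_bin has unresolved libraries:"
    printf '%s\n' "$cb_missing" | lookup_hints
    return 1
}

# Offline demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_LDD" | missing_libs | lookup_hints
```

On the affected server, `check_binary /usr/local/cpanel/3rdparty/bin/clamd` would print the query for libpcre2-8.so.0, which the post resolves with `yum install pcre2`.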
#5
The Forex market is one of the largest financial markets. Anyone can invest and trade in the Forex market from anywhere. You just need a system which is connected during Forex market days/hours.

Usually it is preferred to find a Forex VPS hosting provider and get a VPS to run it for Forex trading. We have a comprehensive list of Forex VPS hosting providers in our blog. That can help you to select the right provider for your Forex trading.

For more details, kindly refer to our following blog:

Best Forex VPS Hosting for Uninterrupted Trading

Regards,
Kailash
#6
Microsoft has released a security update to address a critical vulnerability in Windows Print Spooler. The vulnerability called "PrintNightmare," that was discovered last week, allows attackers to remotely execute malicious code with system privileges and install programs, make changes in the existing programs, and create new accounts with full user rights.

For more details, you can refer to Microsoft's official website:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527

It is strongly recommended to apply this security update on your desktop or server as soon as possible.

- Kailash
#7
The Astra Premium WordPress theme is giving a 25% discount in its 4th of July Independence Day sale. This is a limited-time offer, so it is the right time to grab your 25% discount.

For more details: 4th of July Independence Day Sale! - Save 25% - Limited Time Offer

Astra WordPress theme offers three different editions and you can select as per your need.

- Kailash
#8
xpertDNS announced that they are closing the business on May 15, 2021. They announced as follows:

------------------------------------------
We want to inform you that we shall be closing our company Xpert Group Technologies, Inc from May 15, 2021 onwards. We are not taking any more orders and user data will be deleted on that date.

For the past 15 years that we have been in business it was our sincere effort to offer excellent customer service to our customers, and we hope we were successful in our endeavors.

We request you to contact us in case you need any explanation for any issue.

ACTION REQUIRED:

    DNS Zones will need to be migrated to another hosting provider. ( Zones can be exported from the DNS Manager using "Zone Export". )
    Domains no longer use our name servers.
    If you have a domain registered through us, you will need to transfer to a new registrar before May 15, 2021 as we will not be processing domain renewals.

Yours Sincerely,
------------------------------------------

If you are using xpertDNS, you will need to find an alternative DNS provider to avoid any service outage.

- Kailash
#9
Salesforce faced a service outage on May 12, 2021 and it was confirmed by them on Twitter:

https://twitter.com/parkerharris/status/1392253069690343424

@salesforce is experiencing a major disruption due to what we believe is a DNS issue causing our service to be inaccessible. We recognize the significant impact on our customers and are actively working on resolution.

As per their status page, all services were restored and operational. For more information, you can refer to the status page:

https://status.salesforce.com

Regards,
Kailash
#10
Elegant Themes is offering 20% OFF on the WordPress Divi theme as a part of their "Anniversary Sale". This is a good time to buy this theme if you are looking for a multi-purpose WordPress premium theme.

#11
WHMCS has released WHMCS 8.0 as a release candidate. This should be available for production release within the next few days. To check what's new in WHMCS, refer to our blog post on WHMCS 8.0 Release Candidate.

Thank you!
#12
CVE-2020-1530 and CVE-2020-1537 – Windows Remote Access Elevation of Privilege Vulnerability

Microsoft has recently released a security update for all supported operating systems. An elevation of privilege vulnerability exists when Windows Remote Access improperly handles memory.

To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.

The security update addresses the vulnerability by correcting how Windows Remote Access handles memory. A privilege elevation vulnerability (CVE-2020-1530 and CVE-2020-1537) affects all supported versions of Windows server so far.  This vulnerability exists when Windows Remote Access improperly handles memory or file operations. The exploit requires an attacker to have execution capabilities on the victim system. Systems hosting websites or with web-accessible services are particularly vulnerable.

For more information, refer to the following URL:

https://www.webhostingdiscussion.net/blog/cve-2020-1530-cve-2020-1537/

- Kailash
#13
Microsoft DNS servers are affected by a critical security vulnerability. A remote code execution vulnerability exists in all DNS servers used in Windows Server 2008 and higher operating systems. Microsoft has released an update for Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019. They have released an update for the end-of-life operating system Windows Server 2008 R2, but it looks like it is available to those users who have opted for the paid add-on to continue using Windows Server 2008 R2.

A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability.

For more information, refer to CVE-2020-1350 Windows DNS Server Remote Code Execution Vulnerability.

- Kailash
#14
Hi,

If you have recently applied .NET updates on your Microsoft Windows server, it may break the "Web sites" section in your SolidCP. SolidCP has not yet released an official update, but there is a workaround to fix this issue. It requires editing your portal's web.config file. For more details, you can refer to our KB on SolidCP Error in Web Sites section after Windows updates.

- Kailash
#15
Vulnerabilities / SMF 2.0.17 Released
December 31, 2019, 06:03:12 PM
Simple Machines has released a new patch to the 2.0.x line of SMF, bringing our latest release version to 2.0.17.

We consider this patch to be of crucial importance, as it includes an important fix for a critical bug that was introduced in SMF 2.0.16.

  • Fixes a bug that could cause SMF 2.0.16 to start consuming significant amounts of CPU-resources when the RSS function was used.
  • Eliminates some deprecated function warnings when using SSI.php on PHP 7.2+.


Please see the changelog for more information.

Since SMF 2.0.17 is essentially what 2.0.16 was intended to be and 2.0.16 was released only a few days ago, we are including a (slightly updated) version of the SMF 2.0.16 announcement for your convenience:

SMF 2.0.16 contained important security and bug fixes, as well as support for the European Union's General Data Protection Regulation (GDPR) requirements. We recommend updating as soon as possible.

Notable changes in 2.0.16 & 2.0.17

  • Support for privacy policy in addition to registration agreement
  • GDPR Compliance toggle in Core Features
    Enabling this configures multiple settings and new features to comply with the GDPR, including:
      • Requiring members to accept the current privacy policy in order to use the forum
      • Asking during registration whether the new member wants to receive announcements via email
      • Enabling token-based unsubscribe links in emails so members can unsubscribe without logging in
      • Allowing members to download a copy of their profile information
      • Adjusting the behaviour of a number of other features in minor ways as necessary
  • PHP 7.2 support
  • Improved security hashes for the image proxy
  • Improved security for the login cookie
  • Assorted other security improvements
  • Various improvements for both the installer and upgrader
#16
Vulnerabilities / SMF 2.0.16 Released
December 31, 2019, 05:59:46 PM
Simple Machines has released a new patch to the 2.0.x line of SMF, bringing our latest release version to 2.0.16.

We consider this patch to be of crucial importance, as it includes important security and bug fixes, as well as support for the European Union's General Data Protection Regulation (GDPR) requirements. We recommend updating as soon as possible.

Notable changes in 2.0.16

  • Support for privacy policy in addition to registration agreement
  • GDPR Compliance toggle in Core Features
    Enabling this configures multiple settings and new features to comply with the GDPR, including:
      • Requiring members to accept the current privacy policy in order to use the forum
      • Asking during registration whether the new member wants to receive announcements via email
      • Enabling token-based unsubscribe links in emails so members can unsubscribe without logging in
      • Allowing members to download a copy of their profile information
      • Adjusting the behaviour of a number of other features in minor ways as necessary
  • PHP 7.2 support
  • Improved security hashes for the image proxy
  • Improved security for the login cookie
  • Assorted other security improvements
  • Various improvements for both the installer and upgrader

Please see the changelog for more information.


IMPORTANT NOTES:

  • If you are using the GDPR Helper mod, you should follow these steps:
      • Back up your existing privacy policy text to a file somewhere
      • Update the GDPR Helper mod to its latest version
      • Uninstall the GDPR Helper mod
      • Install the SMF 2.0.16 patch

All users, including the admin, will need to log in again after 2.0.16 has been installed.

How to update to 2.0.16

If you are running version 2.0.15, you can update your forum to the latest version by using the package manager. You should see the update notification in the admin panel notifications and in the package manager, which will allow you to download and install the patch seamlessly.  If you do not see the notification about the patch, please run the scheduled task "Fetch Simple Machines files" from the Scheduled Tasks page (Admin > Maintenance > Scheduled Tasks).

If you use older versions of SMF, you can upgrade directly to 2.0.15 from whichever version you are currently using by using the "Large Upgrade" package from the Download page. Be aware that using this upgrade method will require you to reinstall any customizations that you have added to your forum, so if you are running a version of the 2.0.x series, it is recommended that you apply the successive patches instead of using the Large Upgrade.

If you are having problems downloading the patch from the admin panel, you can download the patch package from the Package Manager Updates page and install it via the Package Manager, as you would any other mod package.

Please refer to the Online Manual for more details about patching and upgrading.
#17
After upgrading to curl version 7.67.0, you may receive the following error:

CURL Error: 56 - OpenSSL SSL_read: Success

Usually WHMCS and Enom users are reporting the above error. If you are using cPanel, you can downgrade the curl version to fix this. You can execute the following command on a cPanel server to downgrade the version:

yum downgrade ea-libcurl ea-libcurl-devel

Make sure that you restart Apache service. Also, if you are using litespeed, Apache-fpm, nginx etc., make sure you restart those services as well.

Regards,
Kailash
#18
Vulnerabilities / cPanel TSR-2019-0006 Full Disclosure
November 20, 2019, 03:37:30 PM
SEC-499

Summary

Authentication bypass due to variations in webmail username handling.

Security Rating

cPanel has assigned this vulnerability a CVSSv3.1 score of 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

The process used to normalize and validate webmail account names was not consistent across different authentication subsystems. Because of these discrepancies, authenticated cPanel users could gain access to other cPanel and Webmail accounts on the system.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.84.0.10
11.82.0.18
11.78.0.43



SEC-508


Summary

Account suspension bypass via virtual mail accounts.

Security Rating

cPanel has assigned this vulnerability a CVSSv3.1 score of 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

Description

The authentication logic for some subsystems relied entirely on data stored in the cPanel account's home directory for the enforcement of account suspensions. A cPanel user could take advantage of this behavior to retain access to virtual email accounts after the user's system account was suspended.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.84.0.10
11.82.0.18
11.78.0.43



SEC-516


Summary

Authentication bypass due to faulty password file format parsing.

Security Rating

cPanel has assigned this vulnerability a CVSSv3.1 score of 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

The functions in cPanel & WHM that handled password and shadow file lookups did not enforce the constraints of this file format. This behavior could be misused by authenticated attackers to gain access to other accounts on the system.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.84.0.10
11.82.0.18
11.78.0.43



SEC-520


Summary

Self-XSS due to faulty JSON string escaping.

Security Rating

cPanel has assigned this vulnerability a CVSSv3.1 score of 4.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

Description

The escaping method used for some JSON string interpolation in cPanel & WHM interface templates did not escape all possible character combinations unambiguously.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.84.0.10
11.82.0.18
11.78.0.43



SEC-525

Summary

Cpanel::Rand::Get can produce predictable output.

Security Rating

cPanel has assigned this vulnerability a CVSSv3.1 score of 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Description

When the /dev/urandom device is not initialized, Cpanel::Rand::Get initializes Perl's random number generation with data from the server's environment. This data could be predictable and when used as a seed, could cause predictable random numbers to be generated.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.84.0.10
11.82.0.18
11.78.0.43



SEC-531


Summary

MySQL dump streaming allowed reading all databases.

Security Rating

cPanel has assigned this vulnerability a CVSSv3.1 score of 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Description

The MySQL database dump streaming functionality passed database names to the mysqldump binary in an ambiguous fashion. An authenticated attacker could misuse this behavior to read all databases on the system.

Credits

This issue was discovered by the cPanel Security Team.



Solution



This issue is resolved in the following builds:
11.84.0.10
11.82.0.18



SEC-532


Summary

Root chown on arbitrary paths in cPanel log processing.

Security Rating

cPanel has assigned this vulnerability a CVSSv3.1 score of 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Description

When processing logs to calculate bandwidth, symlinks to the processed logs are created in the user's home directory. An attacker can intercept this process to cause the ownership of an arbitrary file to be changed to the attacking user.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.84.0.10
11.82.0.18
11.78.0.43



SEC-533


Summary

Stored XSS Vulnerability in WHM Backup Restoration.

Security Rating

cPanel has assigned this vulnerability a CVSSv3.1 score of 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Description

Error messages displayed in the WHM Backup Restoration interface were not adequately encoded. Due to this, it was possible for an attacker to inject arbitrary code into the rendered page.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.84.0.10
11.82.0.18
11.78.0.43



SEC-534


Summary

WebDAV authentication bypass due to faulty connection sharing logic.

Security Rating

cPanel has assigned this vulnerability a CVSSv3.1 score of 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

Client authentication was not validated correctly when multiple WebDAV clients connected to the cpdavd daemon through a proxy server. Subsequent requests in a keepalive connection could inherit the authentication of prior requests.

Credits

This issue was discovered by Martin Rouf.

Solution

This issue is resolved in the following builds:
11.84.0.10
11.82.0.18
11.78.0.43


For the PGP-signed message, please see: https://news.cpanel.com/wp-content/u...ure.signed.txt.
#19
Notification from cPanel:

------------------

Today we are excited to announce that we're shifting to an account based pricing and licensing structure and to share what that means for your relationship with cPanel. We aim to simplify the process of adding new servers, make it easier to become a cPanel customer, and provide value to a broader group of users.
Introducing Account Based Pricing

The hosting industry has changed a lot in the last 20 years, and has long out-grown the licensing and pricing structure that we have used at cPanel. Effective immediately, cPanel's license structure and the way we price our products is changing. Our pricing and licensing structure will now be standardized for all of our customers and include multiple Tiers. This new structure defines the price of each license based on the number of Accounts hosted on the server, reflecting the value received by the owner; now, customers pay for only what they use. On September 1st, 2019, we will introduce Auto-Scaling Packages, Fixed Packages, and transition all existing monthly licenses to the new account based pricing and licensing structure.
-------------------------------------------------
There will be no unlimited domains license now, and pricing will be affected for all providers who are offering unlimited domains hosting. Now, you will have to pay $$$ instead of a few bucks for a cPanel license, and most of the providers have already started looking for an alternative.

The new pricing is listed on their website:

https://www.cpanel.net/pricing/

- Kailash
#20
Vulnerabilities / Docker vulnerability - May 2019
June 21, 2019, 02:30:39 PM
All versions of Docker are currently vulnerable to a race condition that could give an attacker both read and write access to any file on the host system. Proof-of-concept code has been released.

https://www.bleepingcomputer.com/news/security/unpatched-flaw-affects-all-docker-versions-exploits-ready/

For the complete CVE list for Docker, refer to the following URL:

https://www.cvedetails.com/vulnerability-list/vendor_id-13534/product_id-28125/Docker-Docker.html

- Kailash
#21
TCP SACK PANIC - Kernel vulnerabilities - CVE-2019-11477, CVE-2019-11478 & CVE-2019-11479

A vulnerability targeting the networking stack in Linux servers running kernel 2.6.29 or newer has been discovered that allows for networking denial-of-service of varying severity, leveraging TCP "Selective Acknowledgment" (SACK).

Because the vulnerability requires absolutely no authentication, it could be used to deny networking indefinitely to any Linux server using an unpatched kernel released in the last 10 years.

You can read more about the exploit (and patches mitigating it), here: https://www.openwall.com/lists/oss-security/2019/06/17/5 and here https://access.redhat.com/security/vulnerabilities/tcpsack

CentOS 5 hosts and older cannot be updated due to lack of support, so it requires disabling SACK on them.

- Kailash
#22
Windows / Windows Server 2008 R2 End Of Life and Upgrade
November 15, 2018, 01:48:48 PM
Windows Server 2008 R2 will reach end of life on January 14, 2020. That means you will not get any updates, including security updates, after this date. It is essential that you migrate your existing Windows Server 2008 R2 to a higher version. There are two options available, as follows:

[1] Perform in-place upgrade from Windows Server 2008 R2 to Windows Server 2012 R2

If you wish to retain your existing data and settings, you can attempt to perform an in-place upgrade. You can refer to our following KB that will help you to perform an in-place upgrade:

Upgrade Windows Server 2008 R2 to Windows Server 2012 R2

[2] Migration to another server with a higher operating system (Windows Server 2012 R2 or Windows Server 2016)

You can set up a new server with a higher operating system (Windows Server 2012 R2 or Windows Server 2016) and then manually migrate your data from the old Windows Server 2008 R2.

- Kailash
#23
============================================================
           Product: VMware ESXi, Workstation & Fusion
               URL: https://www.vmware.com
        CVE Number: CVE-2018-6981
          Priority: Critical
              Date: 2018-11-09
============================================================

Vulnerability Description:
-------------------------

VMware ESXi, Fusion and Workstation contain uninitialized stack memory usage in the vmxnet3 virtual network adapter. This issue may allow a guest to execute code on the host. The issue is present if vmxnet3 is enabled. Non vmxnet3 virtual adapters are not affected by this issue.

Reference(s):
------------

https://www.vmware.com/security/advisories/VMSA-2018-0027.html
#24
============================================================
           Product: Nginx
               URL: http://nginx.org
        CVE Number: CVE-2018-16843, CVE-2018-16844, CVE-2018-16845
            Impact: Low / Medium
              Date: 2018-11-10
============================================================

Product Description:
-------------------

nginx [engine x] is an HTTP and reverse proxy server, a mail proxy server, and a generic TCP/UDP proxy server, originally written by Igor Sysoev. For a long time, it has been running on many heavily loaded Russian sites including Yandex, Mail.Ru, VK, and Rambler. According to Netcraft, nginx served or proxied 25.28% busiest sites in October 2018.

Vulnerability Description:
-------------------------

Two security issues were identified in nginx HTTP/2 implementation, which might cause excessive memory consumption (CVE-2018-16843) and CPU usage (CVE-2018-16844).

A security issue was identified in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file (CVE-2018-16845).

Reference(s):
------------

http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html

http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html
#25
A VestaCP infrastructure server was compromised and attackers were able to modify their installation script to log IP address and password in addition to distro name which was used to collect stats.

If you are using VestaCP, you should change your server password immediately and upgrade your installation to the latest version as soon as possible. Also, you should audit your server as well. It is possible that your server is infected by malware.

You can refer to the following URL for the detailed information:

https://www.welivesecurity.com/2018/10/18/new-linux-chachaddos-malware-distributed-servers-vestacp-installed/
#26
Summary

XSRF/CSRF vulnerability in phpMyAdmin

Description

By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc.

Severity

We consider this vulnerability to be critical.

Affected Versions

Versions 4.7.x (prior to 4.7.7) are affected.

Unaffected Versions

Versions older than 4.7.0 are not affected.

Solution

Upgrade to phpMyAdmin 4.7.7 or newer.

For more information, kindly refer to their official notification at the following URL:

https://www.phpmyadmin.net/security/PMASA-2017-9/
#27
By default there is no symlink race condition protection available on a cPanel server running CentOS 6 or CentOS 7. This is a major security issue if the server is being used for shared hosting.

Now CloudLinux is offering a free patchset to protect your server against symlink race code. For more information on installation, kindly refer to our following blog post:

https://www.webhostingdiscussion.net/blog/cpanel/no-symlink-protection-detected-cpanel-server.htm

This is a free patchset and you do not require CloudLinux or KernelCare license.

Regards,
Kailash
#28
cPanel TSR-2017-0002 Full Disclosure

SEC-208

Summary

Addon domain conversion did not require a package for resellers.

Security Rating

cPanel has assigned this vulnerability a CVSSv3 score of 2.7 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

Description

Previously, when you converted an addon domain to a normal account, it was not required that a reseller specify a package for the account creation. This allowed the reseller to use the system's "default" package that has no account limits. Now, an addon domain conversion requires that a reseller have and specify a valid package for the account.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.62.0.17
11.60.0.39
11.58.0.45
11.56.0.46

SEC-217

Summary

Self XSS Vulnerability in WHM cPAddons 'showsecurity' interface.

Security Rating

cPanel has assigned this vulnerability a CVSSv3 score of 4.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

Description

When accessing the WHM cPAddons 'showsecurity' interface, the 'addon' parameter was not adequately escaped during page output. This could allow for arbitrary code to be injected into the rendered page.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.62.0.17
11.60.0.39
11.58.0.45
11.56.0.46

SEC-218

Summary

Arbitrary file read via WHM /styled/ URLs.

Security Rating

cPanel has assigned this vulnerability a CVSSv3 score of 6.0 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Description

WHM supports /styled/ URLs in order to allow for reseller interface customization and branding. It is possible for these URLs to load and display content from a reseller's home directory. These files were being loaded as the root user. This allowed for arbitrary files on the system to be read.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.62.0.17
11.60.0.39

SEC-219


Summary

File overwrite when renaming an account.

Security Rating

cPanel has assigned this vulnerability a CVSSv3 score of 3.2 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N

Description

When renaming an account it was possible to manipulate the security policy directories within the user's home directory to overwrite certain files the user did not own.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.62.0.17
11.60.0.39
11.58.0.45
11.56.0.46

SEC-220

Summary

Arbitrary code execution during account modification.

Security Rating

cPanel has assigned this vulnerability a CVSSv3 score of 8.2 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Description

When the primary domain of an account was changed in WHM's "Modify an Account" interface, the .htaccess file in the account's docroot was updated. This .htaccess update process included a syntax test, where it was possible for the cPanel user to execute arbitrary code as root.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.62.0.17
11.60.0.39
11.58.0.45
11.56.0.46

SEC-221

Summary

Arbitrary code execution during automatic SSL installation.

Security Rating

cPanel has assigned this vulnerability a CVSSv3 score of 8.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Description

During Autossl installation for user-controlled domains, the .htaccess file in the domain's docroot was updated to bypass redirects that would interfere with the domain validation process. This .htaccess update process included a syntax test, where it was possible for the cPanel user to execute arbitrary code as root.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.62.0.17
11.60.0.39

SEC-223

Summary

Security policy questions were not transferred during account rename.

Security Rating

cPanel has assigned this vulnerability a CVSSv3 score of 2.6 CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N

Description

If an account had security questions set up, and that account was renamed, the questions were not transferred to the renamed account correctly. This allowed an attacker to set up their own security questions by logging into the target account after an account rename was performed.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.62.0.17
11.60.0.39
11.58.0.45
11.56.0.46

SEC-224

Summary

cPHulk one day ban bypass when IP based protection enabled.

Security Rating

cPanel has assigned this vulnerability a CVSSv3 score of 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Description

It was possible under certain settings to never trigger a one day ban when IP-based protection was also enabled. Now, IP addresses are properly one day banned when the specified threshold is reached.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.62.0.17
11.60.0.39
11.58.0.45
11.56.0.46

SEC-225

Summary

Code execution as root via overlong document root path settings.

Security Rating

cPanel has assigned this vulnerability a CVSSv3 score of 8.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Description

By specifying a document root path which exceeds Apache's maximum configuration line length limit, it was possible for this excessive data to be interpreted as a new configuration directive. This could allow for an attacker to run arbitrary code as the root user.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.62.0.17
11.60.0.39
11.58.0.45
11.56.0.46

SEC-226

Summary

Arbitrary file overwrite via WHM Zone Template editor.

Security Rating

cPanel has assigned this vulnerability a CVSSv3 score of 6.8 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N

Description

The WHM Zone Template editor interface did not properly validate the template filename when saving. This allowed resellers to overwrite arbitrary files on the system.

Credits

This issue was discovered by rack911labs.com.

Solution

This issue is resolved in the following builds:
11.62.0.17
11.60.0.39
11.58.0.45
11.56.0.46

SEC-227

Summary

Expand list of reserved usernames.

Security Rating

cPanel has assigned this vulnerability a CVSSv3 score of 6.0 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N

Description

It was possible to create certain user accounts and then leverage the user's home directory to enable various exploits. These account names have been added to the reserved username list.

Credits

This issue was discovered by rack911labs.com.

Solution

This issue is resolved in the following builds:
11.62.0.17
11.60.0.39
11.58.0.45
11.56.0.46

SEC-228

Summary

Adding parked domains to mail config did not respect domain ownership.

Security Rating

cPanel has assigned this vulnerability a CVSSv3 score of 2.4 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

Description

It was possible for a reseller to add parked domains, that they did not own, to the Exim mail configuration. A reseller must now own the parked domain to perform any action on it.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.62.0.17
11.60.0.39
11.58.0.45
11.56.0.46

SEC-229

Summary

URL filtering flaw allowed access to restricted resources.

Security Rating

cPanel has assigned this vulnerability a CVSSv3 score of 4.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Description

Due to faulty URL filtering, authenticated webmail accounts could access the PHPMyAdmin and PHPPGAdmin interfaces.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.62.0.17
11.60.0.39
11.58.0.45
11.56.0.46

SEC-232

Summary

Demo code execution via Htaccess::setphppreference API.

Security Rating

cPanel has assigned this vulnerability a CVSSv3 score of 7.4 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Description

The Htaccess::setphppreference API call was not restricted for demo accounts and accepted arbitrary data to be written into the account's .htaccess file. This could allow for an attacker to execute arbitrary code under the demo account.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.62.0.17
11.60.0.39
11.58.0.45
11.56.0.46

SEC-233

Summary

Arbitrary code execution for demo accounts via NVData_fetchinc API call.

Security Rating

cPanel has assigned this vulnerability a CVSSv3 score of 7.4 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Description

The NVData_fetchinc API call could accept an arbitrary filename to be included and processed by the cPanel engine. It was possible for an attacker to use this to execute arbitrary code under a demo account.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.62.0.17
11.60.0.39
11.58.0.45
11.56.0.46
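
The SEC-225 description above (an overlong document root spilling into a new configuration line) can be modelled with a toy fixed-buffer line reader and a guard applied before the line is written. This is an added example, not cPanel or Apache code; the 64-byte limit, the function names and the sample paths are assumptions constructed for the demonstration.

```python
# Constructed model for SEC-225: why a line longer than the parser's buffer
# is dangerous, and a guard that refuses to write such a line.
MAX_LINE = 64  # assumed demo limit; use the real parser's limit in practice


def fixed_buffer_lines(text, limit=MAX_LINE):
    """Toy reader: return the logical lines a fixed-size line buffer would
    see, cutting every physical line longer than `limit` into pieces."""
    lines = []
    for physical in text.split("\n"):
        for start in range(0, len(physical), limit):
            lines.append(physical[start:start + limit])
    return lines


def naive_render(path):
    """The unguarded form: the path is trusted and written as-is."""
    return 'DocumentRoot "%s"' % path


class UnsafeDocroot(ValueError):
    """Raised when a docroot cannot be written as one unambiguous line."""


def render_docroot(path, limit=MAX_LINE):
    """Guarded form: reject anything the reader could split or re-quote."""
    if not path.startswith("/"):
        raise UnsafeDocroot("docroot must be an absolute path")
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in path):
        raise UnsafeDocroot("control character in docroot")
    if '"' in path or "\\" in path:
        raise UnsafeDocroot("quote or backslash in docroot")
    line = naive_render(path)
    if len(line) > limit:
        raise UnsafeDocroot("line would exceed the %d-byte limit" % limit)
    return line


def is_safe_docroot(path, limit=MAX_LINE):
    """Boolean wrapper around render_docroot for use in validation code."""
    try:
        render_docroot(path, limit)
    except UnsafeDocroot:
        return False
    return True


# Constructed sample inputs (not taken from the advisory).
NORMAL_PATH = "/home/demo/public_html"
LONG_PATH = "/home/demo/" + "a" * 60 + "/REMAINDER-MARKER"
```

The guard checks the length of the rendered line, not of the path alone, because the directive name and quoting count against the same buffer.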
#29
Vulnerabilities / cPanel TSR-2017-0002 Announcement
March 21, 2017, 04:36:18 PM
cPanel TSR-2017-0002 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having CVSSv3 scores ranging from 2.4 to 8.8.

Information on cPanel's security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

RELEASES

The following cPanel & WHM versions address all known vulnerabilities:

11.62.0.17 & Greater
11.60.0.39 & Greater
11.58.0.45 & Greater
11.56.0.46 & Greater

The latest public releases of cPanel & WHM for all update tiers are available at http://httpupdate.cpanel.net.

SECURITY ISSUE INFORMATION

The cPanel security team and independent security researchers identified the resolved security issues. There is no reason to believe that these vulnerabilities have been made known to the public. As such, cPanel will only release limited information about the vulnerabilities at this time.

Once sufficient time has passed, allowing cPanel & WHM systems to automatically update to the new versions, cPanel will release additional information about the nature of the security issues. This Targeted Security Release addresses 15 vulnerabilities in cPanel & WHM software versions 11.62, 11.60, 11.58, and 11.56.

Additional information is scheduled for release on March 21, 2017.
For information on cPanel & WHM Versions and the Release Process, read our documentation at:
https://go.cpanel.net/versionformat

For the PGP-Signed version of this announcement please see: https://news.cpanel.com/wp-content/uploads/2017/03/TSR-2017-0002.announcement.signed.txt
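
The release list in this announcement is per tier, so an installed build has to be compared against the fixed build of its own tier, not against the lowest number in the list. The check below is an added example, not a cPanel tool; it assumes the installed version is available as a four-part string in the form used on this page, and the function names and status labels are made up for the illustration.

```python
# Fixed builds per release tier, copied from the TSR-2017-0002 release list.
FIXED_BUILDS = {
    (11, 62): (11, 62, 0, 17),
    (11, 60): (11, 60, 0, 39),
    (11, 58): (11, 58, 0, 45),
    (11, 56): (11, 56, 0, 46),
}

# SEC-221 lists fixed builds for two tiers only, so it gets its own map.
SEC_221_BUILDS = {
    (11, 62): (11, 62, 0, 17),
    (11, 60): (11, 60, 0, 39),
}


def parse_version(text):
    """Turn '11.60.0.39' into (11, 60, 0, 39); reject anything else."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError("expected a four-part numeric version: %r" % text)
    return tuple(int(p) for p in parts)


def tsr_status(installed, fixed_builds=FIXED_BUILDS):
    """Classify an installed build against the fixed build of its tier.

    Returns 'patched', 'needs-update', or 'tier-not-listed' when the
    announcement names no fixed build for that tier (label is hypothetical).
    """
    version = parse_version(installed)
    fixed = fixed_builds.get(version[:2])
    if fixed is None:
        return "tier-not-listed"
    return "patched" if version >= fixed else "needs-update"


def audit(versions, fixed_builds=FIXED_BUILDS):
    """Map each installed version string to its status."""
    return {v: tsr_status(v, fixed_builds) for v in versions}
```

A build such as 11.62.0.10 is numerically above 11.60.0.39 but still reports `needs-update`, which is the case a flat "greater than the lowest fixed build" comparison gets wrong.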

#30
WordPress 4.7.3 is now available. This is a security and maintenance release for all previous versions. It is strongly recommended to upgrade to the latest version immediately.

WordPress 4.7.3 has addressed six critical security issues and 39 bug fixes. For more information, kindly refer to the following news:

https://www.webhostingdiscussion.net/news/wordpress-4-7-3-security-maintenance-release.htm